This was an interesting issue I ran into when I was trying to set up SSL certificate for the encryption of this website to use HTTPS instead of HTTP. For this setup, I used Amazon Lightsail as my provider and the instance comes with Bitnami as its application package environment by default. Bitnami HTTPS configuration (bncert) tool is used to set up SSL certificates and was also installed by default.
To run the bncert tool, use the following command and enter a valid domain name (screenshot 1):
sudo /opt/bitnami/bncert-tool
What do you notice after the domain name is entered? That’s right, the crux of this post: “The domain does not resolve, please fix it’s DNS entries or remove it”. The error message seems straightforward at first but it is in fact quite a broad message. After some research and troubleshooting, I came to the conclusion that the problem came from both or either spots: the actual domain or the Lightsail instance itself. For the actual domain itself, I was able to check if the domain was resolving to the IP address via A records using whatsmydns.net (screenshot 2).
(If this was the issue, I would check that the A record(s) are setup properly on my domain provider and the domain is pointing to the IP address.) Now that we know that the domain itself is fine, we can check if the instance itself is able to resolve the domain. Because if the instance isn’t able to check the corresponding IP address for the domain, then it obviously wouldn’t be able to install the SSL certificates. To check if the domain is resolving, we can ping the domain or use the nslookup command (screenshot 3).
As you can see above, we’ve pinpoint the issue. The instance is not able to resolve the domain. Notice that the instance is using the IP address of 172.26.0.2 as its DNS server, which is the default DNS for the instance. As such, the instance isn’t able to resolve the domain using that address as the DNS server. To fix this, I changed the DNS server from 172.26.0.2 to 8.8.8.8 (Google’s DNS server) in /etc/resolv.conf which is the default DNS configuration file for Linux (screenshot 4). Then I tested the change with the ping and nslookup commands (screenshot 5).
Lastly, because of how the operating system is configured, /etc/resolv.conf reverts back to the default IP address every time the instance is restarted. To fix this, we’ll make /etc/resolv.conf immutable using the chattr (change attribute) command:
sudo chattr +i /etc/resolv.conf
Now the bncert tool should be able to resolve the domain and run successfully.
To wrap things up, at first, I thought installing SSL certificates would be simple and I did not expect to run into issues so this problem was unexpected (like most problems) but overall I enjoyed the troubleshooting process and learning more about how the nslookup command and DNS works.
Source: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-enabling-https-on-wordpress#https-wordpress-enable (original HTTPS guide from Amazon Lightsail)